- From: David Orchard <dorchard@bea.com>
- Date: Thu, 24 Oct 2002 15:59:38 -0700
- To: <www-ws-arch@w3.org>
Here's my latest wording, based upon our consensus that we should say something and Hal's input. Dear OASIS WS-Security TC, The W3C Web Services Architecture Working Group would like to express it's concern around the lack of WSDL definitions for WS-Security elements in the first version of the WS-Security product. As a best practice, members of the web services architecture group believe that WSDL definitions should be part of any specification of SOAP Modules. We would like to encourage the WS-Security group to take up this piece of work in the first version of it's product. It appears that the issue is not so much the "goodness" of such a thing, rather the timing is the issue. There are a variety of rationale for including description in v1: 1) To ensure that the runtime aspects can be described in a reasonable manner - it would be unfortunate if some headers were difficult to describe in wsdl; 2) To promote interoperability - bodies such as W3C and WS-I believe that interoperable descriptions are a requirement to interoperability. We were made aware of the significant range of possible description. We don't think it appropriate to venture into your domain and make a recommendation as the extent of descriptions that should be provided - such as trusted authorities, etc. However, it is of our opinion, though we could easily be mistaken, that a simple description of the required WS Security elements in a given message is probably doable in a reasonably short time frame. We are certainly not advocating a large (year or more) delay in schedule. On behalf of the W3C Web Services Architecture Working Group, Dave Orchard > -----Original Message----- > From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org]On > Behalf Of David Orchard > Sent: Wednesday, October 16, 2002 8:36 AM > To: www-ws-arch@w3.org > Subject: Potential issue around ws-security and wsdl definitions > > > > Hi all, > > I wanted to potentially raise an issue around liaison with oasis > ws-security. ws-security does not currently provide wsdl > definitions for > the security elements exchanged. There is a discussion list around > describing qualities of service. I think it would be a good > thing to ask > oasis ws-security tc if they could provide wsdl definitions > as part of their > v1 output. Obviously this is a very delicate area, and we > don't want to > annoy them. If there isn't a strong majority within our group, then I > wouldn't want to proceed either. This certainly appears to be an > architectural area. It appears the key issue is around > timing of when to > provide description - either at the same time as the soap > definitions or > later. > > I think this is also a "web service spec" best practice - Descriptions > should be provided at the same time as runtime extensions. > > Some potential wording suggestion > > "Dear OASIS WS-Security TC, > > The W3C Web Services Architecture Working Group would like to > express it's > concern around the lack of WSDL definitions for WS-Security > elements in the > first version of the WS-Security product. We would like to > encourage the > WS-Security group to take up this piece of work in the first > version of it's > product. It appears that the issue is not so much the > "goodness" of such a > thing, rather the timing is the issue. There are a variety > of rationale for > including description in v1: 1) To ensure that the runtime > aspects can be > described in a reasonable manner - it would be unfortunate if > some headers > were difficult to describe in wsdl; 2) To promote > interoperability - bodies > such as W3C and WS-I believe that interoperable descriptions are a > requirement to interoperability. > " > > Cheers, > Dave > > >
Received on Thursday, 24 October 2002 19:04:24 UTC